need to add the com.apple.security.cs.allow-unsigned-executable-memory entitlement / PACE ILOK Notarization. Fatal error: 1000000

Question

Created Apr ’22

Replies 1

Boosts 0

Views 2.1k

Participants 2

Hello, I'm using a wrapper from a company call PACE to make a piracy protection for my software. I can wrap and it works, but then, in order to notarize my software with apple, i have to sign it (that is no problem) and apply a "hardened runtime enabled". And that's when I get stuck. I can apply that as apple want but, as soon i apply the hardened runtime enabled, the piracy protection wrapper gets broken and my software doesn't start. it gives me a "Fatal error: 1000000"

The Pace company said: You need to add the com.apple.security.cs.allow-unsigned-executable-memory entitlement when signing. To do this, you should create an entitlements file with at least the following contents (add your own required entitlements as needed)

xml version="1.0" encoding="UTF-8" DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> plist version="1.0" dict key com.apple.security.cs.allow-unsigned-executable-memory /key> true/> /dict> /plist>

How I add/create the com.apple.security.cs.allow-unsigned-executable-memory entitlement?

Could you help me with the steps to create that in my mac? I'm on 11.6.3 OS. I have xcode but I didn't use it.

Also, anybody knows how to notarize a PACE wrapped software applying "hardened runtime enabled" with out this error?

Thank you! Javier

Answered by DTS Engineer in 709742022

To start, you won’t be able to notarise your product without enabling the hardened runtime. That’s a strict requirement for notarisation.

As to how you apply a hardened runtime exception entitlement, that depends on your tooling. It sounds like you’re not using Xcode, in which case I presume that you’re signing your code using command-line tools. If that’s not the case, if you’re using some other development environment, you’ll have to ask that that environment’s vendor how to translate these instructions into their environment.

For signing a code from the command line, you can find comprehensive instructions for this in my Creating Distribution-Signed Code for Mac post. There’s a Configure Your Entitlements that covers entitlements specifically.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

Apr ’22

Accepted Answer

To start, you won’t be able to notarise your product without enabling the hardened runtime. That’s a strict requirement for notarisation.

As to how you apply a hardened runtime exception entitlement, that depends on your tooling. It sounds like you’re not using Xcode, in which case I presume that you’re signing your code using command-line tools. If that’s not the case, if you’re using some other development environment, you’ll have to ask that that environment’s vendor how to translate these instructions into their environment.

For signing a code from the command line, you can find comprehensive instructions for this in my Creating Distribution-Signed Code for Mac post. There’s a Configure Your Entitlements that covers entitlements specifically.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0